bancaweb.pichincha.com Open in urlscan Pro
2.17.100.147 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bancaweb.pichincha.com/pichincha/login
Submission: On September 28 via api (September 28th 2024, 8:50:44 pm UTC) from LU — Scanned from DE

Summary HTTP 50 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 18 IPs in 3 countries across 15 domains to perform 50 HTTP transactions. The main IP is 2.17.100.147, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is bancaweb.pichincha.com. The Cisco Umbrella rank of the primary domain is 401997.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on November 30th 2023. Valid for: a year.

This is the only time bancaweb.pichincha.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	2.17.100.147 2.17.100.147	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	34.120.99.200 34.120.99.200	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:802::2008	15169 (GOOGLE) (GOOGLE)
1	2600:9000:224... 2600:9000:2240:2800:10:fcf8:9540:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
1	18.66.102.106 18.66.102.106	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0c::9d	15169 (GOOGLE) (GOOGLE)
2	13.33.187.92 13.33.187.92	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f17... 2a03:2880:f176:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2600:9000:249... 2600:9000:2490:8200:a:6cdf:4440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21f... 2600:9000:21f3:9800:1e:54f1:26c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:2250:e600:13:ab57:d440:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2620:1ec:bdf::64 2620:1ec:bdf::64	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
50	18

15 2.17.100.147 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-147.deploy.static.akamaitechnologies.com

bancaweb.pichincha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.120.99.200 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 200.99.120.34.bc.googleusercontent.com

cdn.pichincha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2240:2800:10:fcf8:9540:93a1 (United States)

ASN16509 (AMAZON-02, US)

bcdn-god.we-stats.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-106.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.33.187.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-92.fra60.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2490:8200:a:6cdf:4440:93a1 (United States)

ASN16509 (AMAZON-02, US)

1.a79ab95c1589a13f8a4cab612bc71f9f7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:9800:1e:54f1:26c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

1.b406929acabac9b095f124c81bdfcf57f.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:e600:13:ab57:d440:93a1 (United States)

ASN16509 (AMAZON-02, US)

1.c81358859121583b7adf2ace89cb39f44.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:bdf::64 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

cdnbancawebprodcx6.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	pichincha.com bancaweb.pichincha.com — Cisco Umbrella Rank: 401997 cdn.pichincha.com — Cisco Umbrella Rank: 189980	571 KB
5	gstatic.com fonts.gstatic.com www.gstatic.com	513 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 57	438 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 957 script.hotjar.com — Cisco Umbrella Rank: 1386	64 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 52	22 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 112	3 KB
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 152	597 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 196	77 KB
2	google.com www.google.com — Cisco Umbrella Rank: 3	1 KB
1	azureedge.net cdnbancawebprodcx6.azureedge.net — Cisco Umbrella Rank: 943624	33 KB
1	c81358859121583b7adf2ace89cb39f44.com 1.c81358859121583b7adf2ace89cb39f44.com — Cisco Umbrella Rank: 23089
1	b406929acabac9b095f124c81bdfcf57f.com 1.b406929acabac9b095f124c81bdfcf57f.com — Cisco Umbrella Rank: 23875
1	a79ab95c1589a13f8a4cab612bc71f9f7.com 1.a79ab95c1589a13f8a4cab612bc71f9f7.com — Cisco Umbrella Rank: 24107
1	we-stats.com bcdn-god.we-stats.com — Cisco Umbrella Rank: 39200	163 KB
0	google.de Failed www.google.de Failed
50	15

	Domain	Requested by
15	bancaweb.pichincha.com	bancaweb.pichincha.com
4	www.googletagmanager.com	bancaweb.pichincha.com www.googletagmanager.com www.google-analytics.com
4	fonts.gstatic.com	bancaweb.pichincha.com
4	cdn.pichincha.com	bancaweb.pichincha.com
3	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.facebook.com	bancaweb.pichincha.com
2	script.hotjar.com	static.hotjar.com script.hotjar.com
2	stats.g.doubleclick.net	www.googletagmanager.com
2	connect.facebook.net	www.googletagmanager.com connect.facebook.net
2	www.google.com	bancaweb.pichincha.com www.gstatic.com
1	cdnbancawebprodcx6.azureedge.net
1	1.c81358859121583b7adf2ace89cb39f44.com	bcdn-god.we-stats.com
1	1.b406929acabac9b095f124c81bdfcf57f.com	bcdn-god.we-stats.com
1	1.a79ab95c1589a13f8a4cab612bc71f9f7.com	bcdn-god.we-stats.com
1	www.gstatic.com	www.google.com
1	static.hotjar.com	www.googletagmanager.com
1	bcdn-god.we-stats.com	bancaweb.pichincha.com
0	www.google.de Failed	bancaweb.pichincha.com
50	18

This site contains links to these domains. Also see Links.

Domain
www.pichincha.com

Subject Issuer	Validity	Valid
pichincha.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-30` - `2024-12-02`	a year	crt.sh
*.pichincha.com DigiCert TLS RSA SHA256 2020 CA1	`2023-10-04` - `2024-11-03`	a year	crt.sh
*.gstatic.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.we-stats.com GeoTrust TLS RSA CA G1	`2024-08-01` - `2025-07-31`	a year	crt.sh
*.google.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-07-07` - `2024-10-05`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.a79ab95c1589a13f8a4cab612bc71f9f7.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-31` - `2025-04-04`	a year	crt.sh
*.b406929acabac9b095f124c81bdfcf57f.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-31` - `2025-04-07`	a year	crt.sh
*.c81358859121583b7adf2ace89cb39f44.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-31` - `2025-04-07`	a year	crt.sh
*.azureedge.net Microsoft Azure RSA TLS Issuing CA 04	`2024-09-19` - `2025-09-14`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://bancaweb.pichincha.com/pichincha/login
Frame ID: 4D3E099437E8D301EBD8E9D041D9CB80
Requests: 45 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdmpOcUAAAAAB1iWnuTLwXdCwkLmAAN6UEk_qv6&co=aHR0cHM6Ly9iYW5jYXdlYi5waWNoaW5jaGEuY29tOjQ0Mw..&hl=de&v=xds0rzGrktR88uEZ2JUvdgOY&size=invisible&cb=9z664qe09gbl
Frame ID: 1D35C204A5BA94466F91EE71028BE820
Requests: 1 HTTP requests in this frame

Frame: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Frame ID: 4F827805F342B6D5FCB0224E503FB54A
Requests: 1 HTTP requests in this frame

Frame: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Frame ID: F8B5E9FCAC90E66EA7AFBEB99C818DAA
Requests: 1 HTTP requests in this frame

Frame: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Frame ID: 78D19711C2E7DFB856C040E1F8D3A90A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bancaweb

Detected technologies

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Page Statistics

50
Requests

94 %
HTTPS

76 %
IPv6

15
Domains

18
Subdomains

18
IPs

3
Countries

1885 kB
Transfer

5455 kB
Size

18
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.pichincha.com/
Title: www.pichincha.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request login Show response
bancaweb.pichincha.com/pichincha/ 3 KB
5 KB 341ms
174ms Document
text/html 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/pichincha/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

c98da62f0d6a11e66279af3906a33107b7f57c385f57b318650c9d8340eae823

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	same-origin
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36

Response headers

Allow: GET, HEAD
Cache-Control: no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 1384
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Content-Type: text/html
Date: Sat, 28 Sep 2024 20:50:36 GMT
ETag: W/"66f5d2a2-b33:dtagent10299240903104354Qus+"
Last-Modified: Thu, 26 Sep 2024 21:31:13 GMT
Pragma: no-cache
Vary: Accept-Encoding
X-Forwarded-For: 45.141.152.73, 2.17.100.143, 23.56.236.102, 2a01:111:2054:1d:0:aff:fe8c:47bc, 147.243.202.204,10.223.36.7
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: same-origin
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin
strict-transport-security: max-age=1536000; includeSubdomains;
x-azure-ref: 20240928T205036Z-1575d978b7698s75aehg9tcmc800000002z000000000f5xg
x-content-type-options: nosniff
x-crd-application-id: 00695
x-crd-channel-id: 02
x-crd-medium-id: 020007
x-envoy-upstream-service-time: 1
x-frame-options: same-origin
x-oneagent-js-injection: true
x-permitted-cross-domain-policies: none
x-remote-ip: 10.223.36.7
x-ruxit-js-agent: true
x-xss-protection: 1; mode=block

GET
H2 200 prelo-semibold.woff2
cdn.pichincha.com/v0.0.3-statics/wc-design-pichincha/statics/ 20 KB
20 KB 56ms
8ms Font
font/woff2 34.120.99.200
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pichincha.com/v0.0.3-statics/wc-design-pichincha/statics/prelo-semibold.woff2

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.99.200 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

200.99.120.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

fc3490c0d21c14c0429104f2288eff3de5f5d68d3824ce436777eab15d0bfc13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer

Response headers

x-goog-metageneration: 2
x-goog-meta-goog-reserved-file-mtime: 1690407791
access-control-expose-headers: Origin,Accept,X-Requested-With,Authorization,Content-Type,Content-Length,Accept-Encoding
x-goog-hash: crc32c=o6L0TA==, md5=MKO5W0s+Aqd7o0hRaX16uw==
etag: "30a3b95b4b3e02a77ba34851697d7abb"
age: 453889
x-content-type-options: nosniff
x-goog-stored-content-encoding: identity
expires: Tue, 23 Sep 2025 14:45:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 20296
date: Mon, 23 Sep 2024 14:45:47 GMT
last-modified: Wed, 26 Jul 2023 21:43:22 GMT
content-type: font/woff2
x-guploader-uploadid: AD-8ljsZ0NsfUYxmWBbHvGl_fm1i6_TdkPhv2b59SBCa_mSn11iR0V9vApf0Nto5YdpcxRLr1jRL40XCjA
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1690407802176116
content-length: 20296
server: UploadServer

GET
H2 200 prelo-medium.woff2
cdn.pichincha.com/v0.0.3-statics/wc-design-pichincha/statics/ 20 KB
20 KB 57ms
10ms Font
font/woff2 34.120.99.200
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pichincha.com/v0.0.3-statics/wc-design-pichincha/statics/prelo-medium.woff2

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.99.200 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

200.99.120.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

413beba4fb6f45ed524bb18ef31a6d08c831b004de6cac6b25b26c0615943d39

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer

Response headers

x-goog-metageneration: 2
x-goog-meta-goog-reserved-file-mtime: 1690407791
access-control-expose-headers: Origin,Accept,X-Requested-With,Authorization,Content-Type,Content-Length,Accept-Encoding
x-goog-hash: crc32c=eLOaLw==, md5=fRXn8W/pfkGUp3L1HNG1GQ==
etag: "7d15e7f16fe97e4194a772f51cd1b519"
age: 774244
x-content-type-options: nosniff
x-goog-stored-content-encoding: identity
expires: Fri, 19 Sep 2025 21:46:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 20212
date: Thu, 19 Sep 2024 21:46:32 GMT
last-modified: Wed, 26 Jul 2023 21:43:22 GMT
content-type: font/woff2
x-guploader-uploadid: AD-8ljvkwublyfPRnEl_-cMG6q1x6nJWYgNTq3Lz_Yr6URSTjVQFozYlbF2G5QRA-eDgrANzZY-JkvaR6A
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1690407802139388
content-length: 20212
server: UploadServer

GET
H2 200 preloslab-book.woff2
cdn.pichincha.com/v0.0.3-statics/wc-design-pichincha/statics/ 22 KB
22 KB 63ms
15ms Font
font/woff2 34.120.99.200
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pichincha.com/v0.0.3-statics/wc-design-pichincha/statics/preloslab-book.woff2

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.99.200 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

200.99.120.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

cd4676442306bb29ac4e0fdd1da7f3ccda77b040b71c7937634fa9698f9867be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer

Response headers

x-goog-metageneration: 2
x-goog-meta-goog-reserved-file-mtime: 1690407791
access-control-expose-headers: Accept, Accept-Encoding, Authorization, Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace, X-Requested-With
x-goog-hash: crc32c=bJN2yQ==, md5=pptpR2379pLeBMJ8aa63tg==
etag: "a69b69476dfbf692de04c27c69aeb7b6"
age: 36401
x-content-type-options: nosniff
x-goog-stored-content-encoding: identity
expires: Sun, 28 Sep 2025 10:43:55 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 22040
date: Sat, 28 Sep 2024 10:43:55 GMT
last-modified: Wed, 26 Jul 2023 21:43:22 GMT
content-type: font/woff2
x-guploader-uploadid: AD-8lju4sFQC3uqX2i3AKU7J6RdFqgV5bm0MllSiCxwViS3UNj2PXcfe6TkrV5AicGFtA8ax6Qg
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1690407802210856
content-length: 22040
server: UploadServer

GET
H2 200 prelo-book.woff2
cdn.pichincha.com/v0.0.3-statics/wc-design-pichincha/statics/ 20 KB
20 KB 64ms
17ms Font
font/woff2 34.120.99.200
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.pichincha.com/v0.0.3-statics/wc-design-pichincha/statics/prelo-book.woff2

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.120.99.200 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

200.99.120.34.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

feb512afb6ccd2bb2453105c967d6e44f607852245b9eba31cb5bb434302fe98

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer

Response headers

x-goog-metageneration: 2
x-goog-meta-goog-reserved-file-mtime: 1690407791
access-control-expose-headers: Origin,Accept,X-Requested-With,Authorization,Content-Type,Content-Length,Accept-Encoding
x-goog-hash: crc32c=S+Oi7A==, md5=wcUg8D2mJ3D2cm7RIAdGxw==
etag: "c1c520f03da62770f6726ed1200746c7"
age: 453889
x-content-type-options: nosniff
x-goog-stored-content-encoding: identity
expires: Tue, 23 Sep 2025 14:45:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 20468
date: Mon, 23 Sep 2024 14:45:47 GMT
last-modified: Wed, 26 Jul 2023 21:43:22 GMT
content-type: font/woff2
x-guploader-uploadid: AD-8ljsXFV-oeyGNtzjb-d2W1L11JWEddsFFXfhjv6-dqJT8lH2nfw_hf7kJRtkVEJshf6oD6Ucpvezwyw
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1690407802136888
content-length: 20468
server: UploadServer

GET
H3 200 gok-H7zzDkdnRel8-DQ6KAXJ69wP1tGnf4ZGhUcel5euIg.woff2
fonts.gstatic.com/s/materialiconsoutlined/v109/ 152 KB
152 KB 47ms
14ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialiconsoutlined/v109/gok-H7zzDkdnRel8-DQ6KAXJ69wP1tGnf4ZGhUcel5euIg.woff2

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35dca8a7145a17c8d1306f25a3ca091578e15396f0b22d61eb8e73262ac75577

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer

Response headers

age: 237609
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 26 Sep 2025 02:50:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 26 Sep 2024 02:50:27 GMT
last-modified: Tue, 07 Mar 2023 20:23:06 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 155276
x-xss-protection: 0
server: sffe

GET
H3 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ 10 KB
11 KB 40ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer

Response headers

age: 166726
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 26 Sep 2025 22:31:50 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 26 Sep 2024 22:31:50 GMT
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10748
x-xss-protection: 0
server: sffe

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v18/ 11 KB
11 KB 39ms
7ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer

Response headers

age: 193471
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 26 Sep 2025 15:06:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 26 Sep 2024 15:06:05 GMT
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10788
x-xss-protection: 0
server: sffe

GET
H3 200 flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2
fonts.gstatic.com/s/materialicons/v140/ 126 KB
126 KB 40ms
9ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/materialicons/v140/flUhRq6tzZclQEJ-Vdg-IuiaDsNcIhQ8tQ.woff2

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer

Response headers

age: 217295
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Fri, 26 Sep 2025 08:29:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Thu, 26 Sep 2024 08:29:01 GMT
last-modified: Tue, 07 Mar 2023 19:52:07 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 128616
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK ruxitagentjs_ICANVfgqru_10299240903104354.js Show response
bancaweb.pichincha.com/ 3 KB
4 KB 173ms
170ms Script
text/html 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/ruxitagentjs_ICANVfgqru_10299240903104354.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

60e0bfd7d86ad51b81f86a69494d136f068bbb92bff449271a3f68daab99e452

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer: https://bancaweb.pichincha.com/pichincha/login

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: W/"66f5d2a2-b33"
X-Forwarded-For: 66.231.68.197, 23.208.24.71, 10.213.52.58, 23.213.52.49, 2a01:111:2053:208:e803:0:ad4:488d, 147.243.245.236,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: text/html
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 1
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Content-Length: 1145
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240928T021505Z-1549df5cb8ch4xq5r7wc5zg750000000043000000000rv8p
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK vendor.37e4ada4076c3f39.css
bancaweb.pichincha.com/ 6 KB
5 KB 31ms
18ms Stylesheet
text/css 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/vendor.37e4ada4076c3f39.css

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

a9864d7c9721eae7cc243a92dcd4e8a6e4e94b5d03c2cc6d6a1a1d24b28bdba7

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer: https://bancaweb.pichincha.com/pichincha/login

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: W/"66f5d2a2-1918"
X-Forwarded-For: 80.187.67.212, 23.3.88.46, 23.36.160.139, 23.59.176.218, 147.243.245.241, 147.243.246.12,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: text/css
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 2
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Content-Length: 1792
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T040215Z-1549df5cb8cgn55p0912199gfg00000002m000000000agtg
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK main.d204119a5b70a17f.css
bancaweb.pichincha.com/ 22 KB
7 KB 35ms
22ms Stylesheet
text/css 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/main.d204119a5b70a17f.css

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

57a17ca733c4e62ae2de0ef0cceb241f777e2ea3ec32ffdc3c115e431883fa4a

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer: https://bancaweb.pichincha.com/pichincha/login

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: W/"66f5d2a2-563c"
X-Forwarded-For: 80.187.67.212, 23.3.88.22, 23.206.213.204, 23.59.176.198, 147.243.245.236, 147.243.245.234,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: text/css
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 2
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Content-Length: 4748
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T040215Z-1549df5cb8cjj2m59s1p06w1a400000002d000000000p8f3
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK runtime.1135f42389e3372a.js Show response
bancaweb.pichincha.com/ 5 KB
5 KB 61ms
25ms Script
application/javascript 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/runtime.1135f42389e3372a.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

3839fe324c34251548e08db28b34fb5da315a7f1462cc68a06834a1a32d06494

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer: https://bancaweb.pichincha.com/pichincha/login

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: W/"66f5d2a2-12b8"
X-Forwarded-For: 181.188.237.244, 104.110.240.46, 2.19.195.37, 23.213.52.49, 147.243.245.242, 147.243.246.6,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 2
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Content-Length: 2502
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T031747Z-1549df5cb8cxkzl6h2htg2fq1s00000002hg00000001k0hc
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK vendor.6784f839b5d1fe13.js Show response
bancaweb.pichincha.com/ 656 KB
228 KB 56ms
20ms Script
application/javascript 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/vendor.6784f839b5d1fe13.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

cad36b63f4c99dc686a6a579a8c6efd41a36a1912a683a4ef1c8477ac5bf70ee

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer: https://bancaweb.pichincha.com/pichincha/login

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: W/"66f5d2a2-a400b"
X-Forwarded-For: 80.187.67.212, 23.3.88.22, 23.36.160.139, 23.59.176.218, 147.243.245.241, 147.243.246.12,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 2
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Content-Length: 230573
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T040215Z-1549df5cb8cgn55p0912199gfg00000002m000000000agu4
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK main.fdd17c9d78294483.js Show response
bancaweb.pichincha.com/ 138 KB
48 KB 90ms
25ms Script
application/javascript 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/main.fdd17c9d78294483.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

739a362fd0e86d02e5e8c0e1cdedaf0ae295e46fa96d156d71aad3e9011182a8

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer: https://bancaweb.pichincha.com/pichincha/login

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: W/"66f5d2a2-2288d"
X-Forwarded-For: 181.188.237.244, 104.110.240.46, 2.19.195.125, 23.213.52.58, 147.243.246.9, 147.243.245.229,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 2
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Content-Length: 46541
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T031748Z-1549df5cb8ct8pzqpart57s0us00000002g000000000h2qb
XSRF-TOKEN: Secure, SameSite=Strict

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 622 KB
137 KB 98ms
63ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NJJPWTS

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/pichincha/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f065754693a5b030be98ebd3aea7ea38a08488003946f9fb99d7259ea50e9e24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

content-encoding: gzip
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Sat, 28 Sep 2024 20:50:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 20:50:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 18:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 139752
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 2c2af637.js Show response
bcdn-god.we-stats.com/scripts/181e494/ 897 KB
163 KB 112ms
51ms Script
application/javascript 2600:9000:2240:2800:10:fcf8:9540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcdn-god.we-stats.com/scripts/181e494/2c2af637.js
Requested by: Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/main.fdd17c9d78294483.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2240:2800:10:fcf8:9540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e2eed982b93e21cd92db8497b50aadd29712f799b8fc3ae9aa6ac3eccbaf0a5e

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

vary: Accept-Encoding
content-encoding: gzip
x-amz-version-id: null
etag: "37e8cb20e480bcd2161a370e52d48912"
via: 1.1 23e8ec14db0917c91c2c733b45578890.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: RefreshHit from cloudfront
content-length: 166572
x-amz-cf-id: M8AJpSDaDvmuMOJfxQmhlxENS9bRhUovdIDRKqEvbj9-_zqZ6gdg_Q==
date: Sat, 28 Sep 2024 20:50:37 GMT
content-type: application/javascript
last-modified: Sun, 12 May 2024 06:39:13 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK common.4a6b43819bec386d.js Show response
bancaweb.pichincha.com/ 500 KB
126 KB 33ms
33ms Script
application/javascript 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/common.4a6b43819bec386d.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/runtime.1135f42389e3372a.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

f53e98aa544224c6d20e9bc9ad88861f545593125f1fb8033b476a03d82887d1

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer: https://bancaweb.pichincha.com/

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: W/"66f5d2a2-7d046"
X-Forwarded-For: 80.187.67.212, 23.3.88.46, 23.206.213.219, 23.59.176.198, 2a01:111:2053:207:e803:0:ad4:4bc7, 147.243.245.235,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 1
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Content-Length: 126414
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T040216Z-1549df5cb8cjj2m59s1p06w1a400000002d000000000p8my
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK 363.f4e6e2e28bdbf33f.js Show response
bancaweb.pichincha.com/ 777 B
3 KB 47ms
46ms Script
application/javascript 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/363.f4e6e2e28bdbf33f.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/runtime.1135f42389e3372a.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

643032a202d31d41094cd7661e6ac2705eed97494984b34a3dc3e75697be46c0

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer: https://bancaweb.pichincha.com/

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: "66f5d2a1-309"
X-Forwarded-For: 80.187.67.212, 23.3.88.22, 23.36.160.159, 23.59.176.218, 2a01:111:2053:207:e803:0:ad4:4bd0, 147.243.245.245,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Sep 2024 21:31:13 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 1
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Accept-Ranges: bytes
Content-Length: 482
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T040216Z-1549df5cb8cgn55p0912199gfg00000002m000000000agy8
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK 261.483139b83c17c3c5.js Show response
bancaweb.pichincha.com/ 422 B
3 KB 20ms
19ms Script
application/javascript 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/261.483139b83c17c3c5.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/runtime.1135f42389e3372a.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

a6c987a7e5f64aadf3b3041ac863b3f7870189a0d9814d71d9280c91819058e3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer: https://bancaweb.pichincha.com/

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: "66f5d2a2-1a6"
X-Forwarded-For: 80.187.67.212, 23.3.88.46, 23.206.213.208, 23.59.176.218, 2a01:111:2053:207:e803:0:ad4:4bd0, 147.243.245.245,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 2
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Accept-Ranges: bytes
Content-Length: 275
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T040217Z-1549df5cb8cgn55p0912199gfg00000002m000000000agyv
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK 527.e267bc090cf056ae.js Show response
bancaweb.pichincha.com/ 933 B
3 KB 47ms
47ms Script
application/javascript 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/527.e267bc090cf056ae.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/runtime.1135f42389e3372a.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

26a1ffffa94cf7e7429488ecc16b6d2dcff5e99d90eae00ea67c33f33ad3f800

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer: https://bancaweb.pichincha.com/

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: "66f5d2a2-3a5"
X-Forwarded-For: 181.188.237.244, 104.110.240.46, 2.19.195.7, 23.213.52.58, 2a01:111:2053:208:e803:0:ad4:4894, 147.243.246.14,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 1
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Accept-Ranges: bytes
Content-Length: 550
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T031752Z-1549df5cb8ct8pzqpart57s0us00000002g000000000h327
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK 786.eb002f97c82a15d9.js Show response
bancaweb.pichincha.com/ 920 B
3 KB 48ms
48ms Script
application/javascript 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/786.eb002f97c82a15d9.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/runtime.1135f42389e3372a.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

a2e920bc0195d18871d84d88dd7e149e65904957460ccd7ebede1e34aa3989c3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer: https://bancaweb.pichincha.com/

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: "66f5d2a2-398"
X-Forwarded-For: 181.188.237.244, 104.110.240.46, 2.19.195.125, 23.213.52.58, 2a01:111:2053:207:e803:0:ad4:4bce, 147.243.246.5,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 2
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Accept-Ranges: bytes
Content-Length: 537
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T031752Z-1549df5cb8c42jpgdkd1u1k0xc000000028000000001gqw9
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK 707.c1e62980b312d2d8.js Show response
bancaweb.pichincha.com/ 54 KB
16 KB 45ms
44ms Script
application/javascript 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://bancaweb.pichincha.com/707.c1e62980b312d2d8.js

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/runtime.1135f42389e3372a.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

ac9f32fad97783f87d38829c2f0358169794896213b285c7166d46d9d73d87f3

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer: https://bancaweb.pichincha.com/

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: W/"66f5d2a2-d6e8"
X-Forwarded-For: 80.187.67.212, 23.3.88.46, 23.36.160.139, 23.59.176.218, 2a01:111:2053:207:e803:0:ad4:4bd0, 147.243.245.245,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: application/javascript
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 1
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Content-Length: 13044
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T040216Z-1549df5cb8cgn55p0912199gfg00000002m000000000agxe
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK logo.svg
bancaweb.pichincha.com/assets/ 5 KB
5 KB 63ms
19ms Image
image/svg+xml 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bancaweb.pichincha.com/assets/logo.svg

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

24aa7b8bdbc1a136a69f3828a19a8faaccc9c7124d42366b6683e84239ee74a0

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer: https://bancaweb.pichincha.com/

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: "66f5d2a2-15bd"
X-Forwarded-For: 181.188.237.244, 104.110.240.46, 2.16.7.225, 23.59.176.198, 147.243.246.13, 147.243.246.17,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: image/svg+xml
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 1
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Accept-Ranges: bytes
Content-Length: 2604
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T031753Z-1549df5cb8cm2p9x1m7ed7y5vn00000002eg00000000rrtn
XSRF-TOKEN: Secure, SameSite=Strict

GET
H/1.1 200
OK main-image.svg
bancaweb.pichincha.com/assets/ 71 KB
25 KB 58ms
42ms Image
image/svg+xml 2.17.100.147
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bancaweb.pichincha.com/assets/main-image.svg

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.147 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-147.deploy.static.akamaitechnologies.com

Software

Resource Hash

2ba9b31b5cd3a1e42464ec5559d018ba0cf7e063d40f816cbbbfde796ef448f0

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
X-Content-Type-Options	nosniff, nosniff
X-Frame-Options	same-origin, SAMEORIGIN
X-Xss-Protection	1; mode=block, 1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer: https://bancaweb.pichincha.com/

Response headers

Authorization: Secure, HttpOnly, SameSite=Strict
Content-Encoding: gzip
ETag: "66f5d2a2-11a18"
X-Forwarded-For: 80.187.67.212, 23.3.88.22, 23.36.160.159, 23.59.176.198, 2a01:111:2053:207:e803:0:ad4:4bc7, 147.243.245.237,10.223.36.7
x-permitted-cross-domain-policies: none
x-content-type-options: nosniff, nosniff
Date: Sat, 28 Sep 2024 20:50:36 GMT
Content-Type: image/svg+xml
Last-Modified: Thu, 26 Sep 2024 21:31:14 GMT
x-remote-ip: 10.223.36.7
x-crd-medium-id: 020007
x-frame-options: same-origin, SAMEORIGIN
strict-transport-security: max-age=1536000; includeSubdomains;, max-age=31536000, max-age=31536000
Vary: Accept-Encoding
Content-Security-Policy: script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://*.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://*.google.com https://*.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://*.gstatic.com https://stats.g.doubleclick.net https://*.hotjar.com https://*.hotjar.io https://*.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://*.biocatch.com https://*.pichincha.com https://*.we-stats.com https://analytics.google.com https://detectca.easysol.net https://*.hotjar.com https://*.hotjar.io wss://*.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://*.googleapis.com https://*.gstatic.com *.googleusercontent.com; frame-ancestors https://*.pichincha.com;
Cache-Control: max-age=10800
cross-origin-opener-policy: same-origin
Pragma: no-cache
x-envoy-upstream-service-time: 2
x-crd-application-id: 00695
Connection: keep-alive
cross-origin-resource-polic: : same-origin
referrer-policy: same-origin, no-referrer
Allow: GET, HEAD
x-crd-channel-id: 02
cross-origin-embedder-policy: unsafe-none
Accept-Ranges: bytes
Content-Length: 22978
x-xss-protection: 1; mode=block, 1; mode=block
x-azure-ref: 20240927T040217Z-1549df5cb8cjj2m59s1p06w1a400000002d000000000p8p6
XSRF-TOKEN: Secure, SameSite=Strict

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 72ms
33ms Script
text/javascript 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6LdmpOcUAAAAAB1iWnuTLwXdCwkLmAAN6UEk_qv6

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/main.fdd17c9d78294483.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

1083d69c1044cd1702b671918682102cd2f5bde45a7ff6db1ab5a51119dd00ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 20:50:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Sat, 28 Sep 2024 20:50:36 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 315 KB
106 KB 37ms
34ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-H1TB1YRV63&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJJPWTS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

72aaf2cc33297ad9e2665e1b7f8b2865ed3d291ef285cf9e1bbd8b27e0045992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 28 Sep 2024 20:50:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 20:50:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 107719
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 61ms
5ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJJPWTS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

content-encoding: gzip
age: 4828
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Sat, 28 Sep 2024 21:30:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 19:30:08 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 hotjar-1370437.js Show response
static.hotjar.com/c/ 13 KB
6 KB 76ms
38ms Script
application/javascript 18.66.102.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1370437.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJJPWTS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-106.fra56.r.cloudfront.net

Software

Resource Hash

3fce4d60516fd68c0b752a2a4238b954241509dd9f4958f6ded40219ca687144

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/1434e4cf27ea2747c923b59c01efc848
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-id: LDto60H0vlpRNQhFJI5JSbnoaKGJfhgbi1XflzYS76mwQdLRtZE4pw==
date: Sat, 28 Sep 2024 20:50:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: FRA56-P2

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 226 KB
58 KB 27ms
10ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJJPWTS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5ebce957851eb83517851e8613f012eb45aa4ebb6142b92c30b7d9492c874e22

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Sat, 28 Sep 2024 20:50:36 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=23, mss=1232, tbw=4446, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: mC9ZPhCKcEk73LV+lxjOd+gb1uM/syrrxygKVALUQdZX0Z1GLBAVPJsDu8JCH6stvZK/gbZSe3qjfRFaxR3QeQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 59131
x-xss-protection: 0

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 281 KB
96 KB 39ms
35ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-747105195&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NJJPWTS

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ad18e7168a4d7886c12981f28ab696b11152fa67bf1ad03165417cd7dca30d0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires: Sat, 28 Sep 2024 20:50:36 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 20:50:36 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sat, 28 Sep 2024 18:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 97478
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/ 541 KB
215 KB 41ms
11ms Script
text/javascript 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LdmpOcUAAAAAB1iWnuTLwXdCwkLmAAN6UEk_qv6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8635cb1f53e720094ad3494627fd904246c714272f0aaa563117f2688deaee24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Origin: https://bancaweb.pichincha.com
Referer

Response headers

content-encoding: gzip
age: 574
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Sun, 28 Sep 2025 20:41:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 20:41:02 GMT
last-modified: Mon, 23 Sep 2024 04:00:50 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 219745
x-xss-protection: 0
server: sffe

GET c782e374-ab8d-4b98-b15e-21914c596f95
https://bancaweb.pichincha.com/ Frame 0
0

GET
H3 200 636818550096392 Show response
connect.facebook.net/signals/config/ 96 KB
19 KB 166ms
166ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/636818550096392?v=2.9.169&r=stable&domain=bancaweb.pichincha.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b45ee7708d98269898ee82a8329269fd47af32657d1ad4e1ef6b43a7923dcfe7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'unsafe-inline' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
edge-control: cache-maxage=10m
date: Sat, 28 Sep 2024 20:50:37 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=68, mss=1232, tbw=67276, tp=63, tpl=0, uplat=158, ullat=0
pragma: public
x-fb-debug: 854AdOaToIS7Y0P/xXmJseAZxqmMzUiuoCwUzvdsCtQPq4RsB8MU76iVx5WZnnbgRD21uXKpMcQLL/SAhSST8g==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
438 B 30ms
29ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1959032644&t=pageview&_s=1&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&ul=de-de&de=UTF-8&dt=Bancaweb&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1552728281&gjid=1147254488&cid=504745197.1727556637&tid=UA-43316790-17&_gid=1217592144.1727556637&_r=1&_slc=1&gtm=45He49p0n81NJJPWTSv812205726za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101671035~101686685~101747727&npa=1&z=1230474576

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

d73e0ca89dec39179683825c77431cb68708e56035af72352e5cab15dbfeff34

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Content-Type: text/plain
Referer

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 20:50:37 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://bancaweb.pichincha.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 15
server: Golfe2

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
73 B 28ms
28ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1959032644&t=pageview&_s=1&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&ul=de-de&de=UTF-8&dt=Bancaweb&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAEABAAAAACAAI~&jid=1392679617&gjid=593974459&cid=504745197.1727556637&tid=%5Bobject%20Object%5D&_gid=1217592144.1727556637&_r=1&_slc=1&gtm=45He49p0n81NJJPWTSv812205726za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101671035~101686685~101747727&npa=1&z=780657810

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Content-Type: text/plain
Referer

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 20:50:37 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://bancaweb.pichincha.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
549 B 161ms
70ms Ping
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-H1TB1YRV63&cid=504745197.1727556637&gtm=45je49p0v9119783046z8812205726za200zb812205726&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101671035~101747727
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-H1TB1YRV63&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://bancaweb.pichincha.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 20:50:37 GMT
content-type: text/plain
server: Golfe2

GET ga-audiences
www.google.de/ads/ 0
0

GET
H2 200 modules.0721e7cf944cf9d78a0b.js Show response
script.hotjar.com/ 224 KB
56 KB 33ms
8ms Script
application/javascript 13.33.187.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.0721e7cf944cf9d78a0b.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1370437.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-92.fra60.r.cloudfront.net

Software

Resource Hash

b59aea27fa8369f30285b9c3875597435dfce1fc0571555adcc11d210cb9bd1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

x-robots-tag: none
content-encoding: br
etag: "ac12d2f9dbf41b678b7eb52a4d3e70f3"
age: 804510
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: 7pY_gQxlErJq1m5O4nH0vFnCTbtWeXpw6mFNa0sT0YcZqqFwxPu0PQ==
date: Thu, 19 Sep 2024 13:22:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 19 Sep 2024 13:21:34 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 6b284415724869adc9db63c19e48e420.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56508
x-amz-cf-pop: FRA60-P9

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 304 KB
100 KB 37ms
37ms Script
application/javascript 2a00:1450:4001:802::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-4YJ47TZ7LC&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

21c8984d09fe14c45a88855b2d276b7ba1aebacd35cb75226721480d7ef155b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Sat, 28 Sep 2024 20:50:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 20:50:37 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 102124
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 1D35 0
0 103ms
79ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LdmpOcUAAAAAB1iWnuTLwXdCwkLmAAN6UEk_qv6&co=aHR0cHM6Ly9iYW5jYXdlYi5waWNoaW5jaGEuY29tOjQ0Mw..&hl=de&v=xds0rzGrktR88uEZ2JUvdgOY&size=invisible&cb=9z664qe09gbl

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ksrhXr8_xTZuWAUHAJjhlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-ksrhXr8_xTZuWAUHAJjhlQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Sat, 28 Sep 2024 20:50:37 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 browser-perf.8417c6bba72228fa2e29.js Show response
script.hotjar.com/ 5 KB
2 KB 7ms
7ms Script
application/javascript 13.33.187.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/browser-perf.8417c6bba72228fa2e29.js

Requested by

Host: script.hotjar.com
URL: https://script.hotjar.com/modules.0721e7cf944cf9d78a0b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.187.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-187-92.fra60.r.cloudfront.net

Software

Resource Hash

70712c8650feecc46403b5801b9d5b72d5b2d6ba1d1cf0317e105603982321bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

x-robots-tag: none
content-encoding: br
etag: "b83b61bc5871e9a23a0434e2c539f4f3"
age: 21449910
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: w8zoy5rRrIcd9XElDaLWI91es1AULanecC6ARV5pR6S9mBTz9OmDGQ==
date: Wed, 24 Jan 2024 14:32:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 24 Jan 2024 14:31:37 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 6b284415724869adc9db63c19e48e420.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 1782
x-amz-cf-pop: FRA60-P9

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
48 B 58ms
56ms Ping
text/plain 2a00:1450:400c:c0c::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4YJ47TZ7LC&cid=504745197.1727556637&gtm=45je49p0v9138484290za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3l1&npa=1&frm=0&tag_exp=101671035~101686685~101747727
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4YJ47TZ7LC&cx=c&_slc=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://bancaweb.pichincha.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 28 Sep 2024 20:50:37 GMT
content-type: text/plain
server: Golfe2

GET ga-audiences
www.google.de/ads/ 0
0

GET
H2 200 /
www.facebook.com/tr/ 0
273 B 31ms
12ms Image
text/plain 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?batch=1&events[0]=id%3D636818550096392%26ev%3DPageView%26dl%3Dhttps%253A%252F%252Fbancaweb.pichincha.com%26rl%3D%26if%3Dfalse%26ts%3D1727556637242%26sw%3D1600%26sh%3D1200%26v%3D2.9.169%26r%3Dstable%26a%3DtmSimo-GTM-WebTemplate%26ec%3D0%26o%3D12316%26fbp%3Dfb.1.1727556637241.200729848658999213%26pm%3D1%26hrl%3D0657cd%26ler%3Dempty%26cdl%3DAPI_unavailable%26it%3D1727556637022%26coo%3Dfalse%26tm%3D1%26cs_cc%3D1%26cas%3D7966754326783622%252C8934302676596291%252C8970644199629381%252C7417526918354464%252C7822511924460011%252C7474754939237700%252C7110001702442604%252C7849847038381328%252C8060708120680827%26exp%3Df1&rqm=GET

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1328, tbw=2798, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Sat, 28 Sep 2024 20:50:37 GMT
content-type: text/plain
server: proxygen-bolt

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 200ms
182ms Image
image/png 2a03:2880:f176:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=636818550096392&ev=PageView&dl=https%3A%2F%2Fbancaweb.pichincha.com&rl=&if=false&ts=1727556637242&sw=1600&sh=1200&v=2.9.169&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=12316&fbp=fb.1.1727556637241.200729848658999213&pm=1&hrl=0657cd&ler=empty&cdl=API_unavailable&it=1727556637022&coo=false&tm=1&cs_cc=1&cas=7966754326783622%2C8934302676596291%2C8970644199629381%2C7417526918354464%2C7822511924460011%2C7474754939237700%2C7110001702442604%2C7849847038381328%2C8060708120680827&exp=f1&rqm=FGET

Requested by

Host: bancaweb.pichincha.com
URL: https://bancaweb.pichincha.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer: https://bancaweb.pichincha.com/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7419799259931755979"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x3217cc96721ca405","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:5493012490803512","7830:5493012490803512","10853:5493012490803512","41:5493012490803512","8046:5493012490803512"]},"debug_reporting":true,"debug_key":"2726527126319955683"}
date: Sat, 28 Sep 2024 20:50:37 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: Qt7mPzp5tAN8uimniosFwzDyR5RhFo4sej0K6Dhjx0vwVc5pCvOGxihHn1DWP691OzOSMhikgv6sxqrqjzBGPw==
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7419799259931755979", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1328, tbw=3115, tp=-1, tpl=-1, uplat=175, ullat=0
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0

GET
H2 200 crossdomain.html
1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/ Frame 4F82 0
0 51ms
6ms Document
text/html 2600:9000:2490:8200:a:6cdf:4440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/scripts/prod/crossdomain.html
Requested by: Host: bcdn-god.we-stats.com
URL: https://bcdn-god.we-stats.com/scripts/181e494/2c2af637.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:8200:a:6cdf:4440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36

Response headers

accept-ranges: bytes
age: 82145
content-length: 221
content-type: text/html
date: Fri, 27 Sep 2024 22:01:33 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
server: AmazonS3
via: 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront)
x-amz-cf-id: F2xBOrm17-CoH9lkhPhzwIQTuiVwW1IyxMEw_t74XCfu2XZBBoywPg==
x-amz-cf-pop: FRA56-P6
x-amz-version-id: null
x-cache: Hit from cloudfront

GET
H2 200 crossdomain.html
1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/ Frame F8B5 0
0 63ms
7ms Document
text/html 2600:9000:21f3:9800:1e:54f1:26c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://1.b406929acabac9b095f124c81bdfcf57f.com/scripts/prod/crossdomain.html
Requested by: Host: bcdn-god.we-stats.com
URL: https://bcdn-god.we-stats.com/scripts/181e494/2c2af637.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:9800:1e:54f1:26c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36

Response headers

accept-ranges: bytes
age: 20713
content-length: 221
content-type: text/html
date: Sat, 28 Sep 2024 15:05:25 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
server: AmazonS3
via: 1.1 cc0ab20766d57035422a2c4c69fe0620.cloudfront.net (CloudFront)
x-amz-cf-id: TIyav05jJYKMnkcL3pK5fhagjiHnP02Zzr7jPy1zUGS0RWdetXGxPA==
x-amz-cf-pop: FRA2-C2
x-amz-version-id: null
x-cache: Hit from cloudfront

GET
H2 200 crossdomain.html
1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/ Frame 78D1 0
0 51ms
6ms Document
text/html 2600:9000:2250:e600:13:ab57:d440:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://1.c81358859121583b7adf2ace89cb39f44.com/scripts/prod/crossdomain.html
Requested by: Host: bcdn-god.we-stats.com
URL: https://bcdn-god.we-stats.com/scripts/181e494/2c2af637.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:e600:13:ab57:d440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36

Response headers

accept-ranges: bytes
age: 33484
content-length: 221
content-type: text/html
date: Sat, 28 Sep 2024 11:32:34 GMT
etag: "21e34cf6a03f570df49e212018a567d0"
last-modified: Tue, 13 Oct 2020 12:04:25 GMT
server: AmazonS3
via: 1.1 375431e28d82888f474ac3665a4ceb66.cloudfront.net (CloudFront)
x-amz-cf-id: NUFuGZmZ__kapcU62DDf0gujFkI2g8oKlDDUP7aregv0mKQG9EUagw==
x-amz-cf-pop: FRA60-P2
x-amz-version-id: null
x-cache: Hit from cloudfront

GET
H2 200 favicon.ico
cdnbancawebprodcx6.azureedge.net/green/static/items/page-bb-pichincha-default/assets/ 32 KB
33 KB 93ms
14ms Other
image/vnd.microsoft.icon 2620:1ec:bdf::64
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdnbancawebprodcx6.azureedge.net/green/static/items/page-bb-pichincha-default/assets/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5f392da42a2efdd45266c82fe2bf20d16d70532f487370fcc57aaeeda585133d

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.30 Safari/537.36
Referer

Response headers

x-azure-ref: 20240928T205038Z-176d4fdd79cvlm573t8bg4gb6g0000000dtg000000009p32
x-cache-info: L1_T2
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
etag: 0x8DC43DB1DBEEEA1
x-fd-int-roxy-purgeid: 67377697
x-ms-request-id: 7058afa0-601e-0065-2f8d-11f09a000000
accept-ranges: bytes
x-cache: TCP_HIT
content-length: 32988
date: Sat, 28 Sep 2024 20:50:38 GMT
content-type: image/vnd.microsoft.icon
last-modified: Thu, 14 Mar 2024 03:59:15 GMT
vary: Origin
x-ms-blob-type: BlockBlob

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bancaweb.pichincha.com
URL: blob:https://bancaweb.pichincha.com/c782e374-ab8d-4b98-b15e-21914c596f95

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-H1TB1YRV63&cid=504745197.1727556637&gtm=45je49p0v9119783046z8812205726za200zb812205726&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=727318960

Domain: www.google.de
URL: https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4YJ47TZ7LC&cid=504745197.1727556637&gtm=45je49p0v9138484290za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3l1&npa=1&frm=0&tag_exp=101671035~101686685~101747727&tag_exp=101671035~101686685~101747727&z=1062776135

Verdicts & Comments Add Verdict or Comment

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pichincha.com/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_7_sn_9A8A0F4AAF5780C45EFDE6BD7E8E94AF_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_0_rcs-3Acss_0
.pichincha.com/	1970-01-21 08:38:12	Name: _abck Value: A166BE096465788C92E8580E2425C3C0~-1~YAAQj2QRAsQgcyWSAQAAL09mOgw2DS49EaQBWZX9DH237nMoBCATolrMAPcxD/+hNCKzxSXsCw5eVNzAAyu+0OXlmXpsx7qgi2dDuIo6LBgMvUnqaiPvh9sGpZFFpbN22a3tAeWceUSkEuktoUwq9rt86bP26IhJ0S2pKMLTN3gMYDFD+2Pr3tV+2AFvLKknfdnBacDFEj4XkfuqqNbNzDv56EWlwoVVWgJBVyOYK/cmkcUfYsecU6zxi6KZ8hhbK8Nh0qtMfT+UyYqjrFXupL75fDKYoSxsTGQw2ZnxPavjT+R3qO7gttyqh8PtoBfysW16BC1hZet8BF8sRC5DPoPYaQz8dYJcN5+D6bG5RuIy79D/QxXGVJ/aZUY0IEWFNpDbgwrImf3VWcd/aleWpoGXxJRheo+EaRgW4C5OGLA=~-1~-1~-1
.pichincha.com/	1970-01-20 23:52:51	Name: bm_sz Value: 935C81055076346C0DE354EFA6DA27FE~YAAQj2QRAsUgcyWSAQAAL09mOhld2Lj3N7+0/xVyn+GQk2zC/OPC563wVA+z66dj1u0NtjhcPNQ/FdWGV1RPGagS0X9ZfG9MOWv+0y33LHrB1kMpqHU4qaYoUL8gWTC12ictshA4E94BF+MFaApoMyN5HWBAWb0ZdXJds8Or7e7nRzAiV9d2yDe0B8tZl6RBHjiV8+2ROQe8vlq9L5B4NISNGJ+WkYHQTqRZuYTKEySmXpw3TKHpCK7O8nvji48+vNEjjcKZG2d1wHJbtE3FMLr0kKN1IiFeULBesXrHhthMIcfQr0KMyalv9uBpMif2deY+3tllcaYUc+MHiZnN9DNRb+mdpuBFap2aRAQEVwgYwcNpbVjQMfKKMaYsuBZVZy1BF+EhWJ4=~4403257~4272688
.pichincha.com/	1970-01-21 02:02:12	Name: _gcl_au Value: 1.1.384978783.1727556637
.pichincha.com/	1969-12-31 23:59:59	Name: cdContextId Value: 1
.pichincha.com/	1970-01-21 08:38:12	Name: bmuid Value: 1727556637006-E95BE5D8-38CF-47E7-A1CE-2C5EBC27D69F
.pichincha.com/	1970-01-20 23:54:03	Name: _gid Value: GA1.2.1217592144.1727556637
.pichincha.com/	1970-01-20 23:52:36	Name: _gat_UA-43316790-17 Value: 1
.bancaweb.pichincha.com/	1970-01-21 09:28:36	Name: _ga Value: GA1.3.504745197.1727556637
.bancaweb.pichincha.com/	1970-01-20 23:54:03	Name: _gid Value: GA1.3.1217592144.1727556637
.bancaweb.pichincha.com/	1970-01-20 23:52:36	Name: _gat_%5Bobject%20Object%5D Value: 1
.pichincha.com/	1970-01-21 09:28:36	Name: _ga Value: GA1.1.504745197.1727556637
.pichincha.com/	1970-01-21 09:28:36	Name: _ga_H1TB1YRV63 Value: GS1.1.1727556637.1.0.1727556637.60.0.0
.pichincha.com/	1970-01-21 02:02:12	Name: _fbp Value: fb.1.1727556637241.200729848658999213
.pichincha.com/	1970-01-21 08:38:12	Name: _hjSessionUser_1370437 Value: eyJpZCI6ImE1NjMzZGMxLWIwYWEtNThlZC05NmQyLTllZTJhMmJkODQ3ZCIsImNyZWF0ZWQiOjE3Mjc1NTY2MzcyOTksImV4aXN0aW5nIjpmYWxzZX0=
.pichincha.com/	1970-01-20 23:52:38	Name: _hjSession_1370437 Value: eyJpZCI6ImFlMjYzODcxLWY2MmQtNDE1OS1iNTcxLWQ0NzQ5MDRkYmUyMiIsImMiOjE3Mjc1NTY2MzczMDAsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.pichincha.com/	1970-01-21 09:28:36	Name: _ga_4YJ47TZ7LC Value: GS1.2.1727556637.1.0.1727556637.60.0.0
.pichincha.com/	1970-01-20 23:52:40	Name: cdSNum Value: 1727556637474-sjn0000677-08e3151f-6a56-4a44-b7d4-b8184ffc30f4

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://bancaweb.pichincha.com/pichincha/login Message: Refused to execute script from 'https://bancaweb.pichincha.com/ruxitagentjs_ICANVfgqru_10299240903104354.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-H1TB1YRV63&l=dataLayer&cx=c(Line 214) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-H1TB1YRV63&gtm=45je49p0v9119783046z8812205726za200zb812205726&_p=1727556636656&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&cid=504745197.1727556637&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1727556637&sct=1&seg=0&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&dt=Bancaweb&en=page_view&_fv=1&_ss=1&tfd=943' because it violates the following Content Security Policy directive: "connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com *.googleusercontent.com".
javascript	error	URL: https://www.googletagmanager.com/gtag/js?id=G-H1TB1YRV63&l=dataLayer&cx=c(Line 214) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-H1TB1YRV63&gtm=45je49p0v9119783046z8812205726za200zb812205726&_p=1727556636656&_gaz=1&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&cid=504745197.1727556637&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1727556637&sct=1&seg=0&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&dt=Bancaweb&en=page_view&_fv=1&_ss=1&tfd=943' because it violates the document's Content Security Policy.
security	error	URL: https://bancaweb.pichincha.com/ Message: Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-H1TB1YRV63&cid=504745197.1727556637&gtm=45je49p0v9119783046z8812205726za200zb812205726&aip=1&dma=1&dma_cps=syphamo&gcd=13l3lPl2l1l1&npa=1&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=727318960' because it violates the following Content Security Policy directive: "img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-4YJ47TZ7LC&cx=c&_slc=1(Line 189) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-4YJ47TZ7LC&gtm=45je49p0v9138484290za200&_p=1727556636656&_gaz=1&gcd=13l3l3l2l3l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101686685~101747727&ul=de-de&sr=1600x1200&cid=504745197.1727556637&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&dt=Bancaweb&sid=1727556637&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1220' because it violates the following Content Security Policy directive: "connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com *.googleusercontent.com".
javascript	error	URL: https://www.googletagmanager.com/gtag/js?id=G-4YJ47TZ7LC&cx=c&_slc=1(Line 189) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-4YJ47TZ7LC&gtm=45je49p0v9138484290za200&_p=1727556636656&_gaz=1&gcd=13l3l3l2l3l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101686685~101747727&ul=de-de&sr=1600x1200&cid=504745197.1727556637&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&dt=Bancaweb&sid=1727556637&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1220' because it violates the document's Content Security Policy.
security	error	URL: https://bancaweb.pichincha.com/ Message: Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-4YJ47TZ7LC&cid=504745197.1727556637&gtm=45je49p0v9138484290za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3l1&npa=1&frm=0&tag_exp=101671035~101686685~101747727&tag_exp=101671035~101686685~101747727&z=1062776135' because it violates the following Content Security Policy directive: "img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com *.googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net".
javascript	warning	URL: https://bancaweb.pichincha.com/ Message: The resource https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://bancaweb.pichincha.com/ Message: The resource https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-H1TB1YRV63&l=dataLayer&cx=c(Line 214) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-H1TB1YRV63&gtm=45je49p0v9119783046z8812205726za200zb812205726&_p=1727556636656&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&cid=504745197.1727556637&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=2&sid=1727556637&sct=1&seg=0&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&dt=Bancaweb&en=funnel_step&ep.product=bw&ep.sub_product=login&ep.userflow_type=web&ep.funnel_step=01_login_screen&_et=6&tfd=5951' because it violates the following Content Security Policy directive: "connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com *.googleusercontent.com".
javascript	error	URL: https://www.googletagmanager.com/gtag/js?id=G-H1TB1YRV63&l=dataLayer&cx=c(Line 214) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-H1TB1YRV63&gtm=45je49p0v9119783046z8812205726za200zb812205726&_p=1727556636656&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&cid=504745197.1727556637&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=2&sid=1727556637&sct=1&seg=0&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&dt=Bancaweb&en=funnel_step&ep.product=bw&ep.sub_product=login&ep.userflow_type=web&ep.funnel_step=01_login_screen&_et=6&tfd=5951' because it violates the document's Content Security Policy.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-H1TB1YRV63&l=dataLayer&cx=c(Line 214) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-H1TB1YRV63&gtm=45je49p0v9119783046za200zb812205726&_p=1727556636656&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&cid=504745197.1727556637&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=3&sid=1727556637&sct=1&seg=0&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&dt=Bancaweb&en=user_engagement&_et=7140&tfd=8092' because it violates the following Content Security Policy directive: "connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com *.googleusercontent.com".
javascript	error	URL: https://www.googletagmanager.com/gtag/js?id=G-H1TB1YRV63&l=dataLayer&cx=c(Line 214) Message: Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-H1TB1YRV63&gtm=45je49p0v9119783046za200zb812205726&_p=1727556636656&gcd=13l3lPl2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101671035~101747727&cid=504745197.1727556637&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=3&sid=1727556637&sct=1&seg=0&dl=https%3A%2F%2Fbancaweb.pichincha.com%2F&dt=Bancaweb&en=user_engagement&_et=7140&tfd=8092' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' 'unsafe-eval' 'unsafe-inline' blob: data: https://.pichincha.com https://bcdn-god.we-stats.com https://www.googleadservices.com https://detectca.easysol.net https://connect.facebook.net https://www.facebook.com https://www.googletagmanager.com https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://.google.com https://.gstatic.com https://www.recaptcha.net http://34.120.46.84 https://.googleapis.com https://.gstatic.com .googleusercontent.com; img-src 'self' data: https://googleads.g.doubleclick.net https://cdnbancawebpreprodcx6statics.azureedge.net https://cdnbancawebprodcx6.azureedge.net https://detectca.easysol.net https://www.google-analytics.com https://.gstatic.com https://stats.g.doubleclick.net https://.hotjar.com https://.hotjar.io https://.google.com https://www.facebook.com https://www.google.com.ec https://www.googletagmanager.com https://.googleapis.com https://.gstatic.com .googleusercontent.com https://sadesarrollotarjdebito.blob.core.windows.net; connect-src https://.biocatch.com https://.pichincha.com https://.we-stats.com https://analytics.google.com https://detectca.easysol.net https://.hotjar.com https://.hotjar.io wss://.hotjar.com https://www.google-analytics.com https://stats.g.doubleclick.net https://connect.facebook.net https://www.googletagmanager.com https://www.recaptcha.net https://www.facebook.com https://.googleapis.com https://.gstatic.com .googleusercontent.com; frame-ancestors https://.pichincha.com;
Strict-Transport-Security	max-age=1536000; includeSubdomains;
X-Content-Type-Options	nosniff
X-Frame-Options	same-origin
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.a79ab95c1589a13f8a4cab612bc71f9f7.com
1.b406929acabac9b095f124c81bdfcf57f.com
1.c81358859121583b7adf2ace89cb39f44.com
bancaweb.pichincha.com
bcdn-god.we-stats.com
cdn.pichincha.com
cdnbancawebprodcx6.azureedge.net
connect.facebook.net
fonts.gstatic.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
bancaweb.pichincha.com
www.google.de
13.33.187.92
18.66.102.106
2.17.100.147
2600:9000:21f3:9800:1e:54f1:26c0:93a1
2600:9000:2240:2800:10:fcf8:9540:93a1
2600:9000:2250:e600:13:ab57:d440:93a1
2600:9000:2490:8200:a:6cdf:4440:93a1
2620:1ec:bdf::64
2a00:1450:4001:802::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:812::200e
2a00:1450:4001:828::2003
2a00:1450:4001:82f::2004
2a00:1450:400c:c0c::9d
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
34.120.99.200
1083d69c1044cd1702b671918682102cd2f5bde45a7ff6db1ab5a51119dd00ae
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
21c8984d09fe14c45a88855b2d276b7ba1aebacd35cb75226721480d7ef155b8
24aa7b8bdbc1a136a69f3828a19a8faaccc9c7124d42366b6683e84239ee74a0
26a1ffffa94cf7e7429488ecc16b6d2dcff5e99d90eae00ea67c33f33ad3f800
2ba9b31b5cd3a1e42464ec5559d018ba0cf7e063d40f816cbbbfde796ef448f0
35dca8a7145a17c8d1306f25a3ca091578e15396f0b22d61eb8e73262ac75577
3839fe324c34251548e08db28b34fb5da315a7f1462cc68a06834a1a32d06494
3fce4d60516fd68c0b752a2a4238b954241509dd9f4958f6ded40219ca687144
413beba4fb6f45ed524bb18ef31a6d08c831b004de6cac6b25b26c0615943d39
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b
57a17ca733c4e62ae2de0ef0cceb241f777e2ea3ec32ffdc3c115e431883fa4a
5ebce957851eb83517851e8613f012eb45aa4ebb6142b92c30b7d9492c874e22
5f392da42a2efdd45266c82fe2bf20d16d70532f487370fcc57aaeeda585133d
60e0bfd7d86ad51b81f86a69494d136f068bbb92bff449271a3f68daab99e452
643032a202d31d41094cd7661e6ac2705eed97494984b34a3dc3e75697be46c0
70712c8650feecc46403b5801b9d5b72d5b2d6ba1d1cf0317e105603982321bf
72aaf2cc33297ad9e2665e1b7f8b2865ed3d291ef285cf9e1bbd8b27e0045992
739a362fd0e86d02e5e8c0e1cdedaf0ae295e46fa96d156d71aad3e9011182a8
8635cb1f53e720094ad3494627fd904246c714272f0aaa563117f2688deaee24
a2e920bc0195d18871d84d88dd7e149e65904957460ccd7ebede1e34aa3989c3
a6c987a7e5f64aadf3b3041ac863b3f7870189a0d9814d71d9280c91819058e3
a9864d7c9721eae7cc243a92dcd4e8a6e4e94b5d03c2cc6d6a1a1d24b28bdba7
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac9f32fad97783f87d38829c2f0358169794896213b285c7166d46d9d73d87f3
ad18e7168a4d7886c12981f28ab696b11152fa67bf1ad03165417cd7dca30d0d
b45ee7708d98269898ee82a8329269fd47af32657d1ad4e1ef6b43a7923dcfe7
b59aea27fa8369f30285b9c3875597435dfce1fc0571555adcc11d210cb9bd1b
b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188
c98da62f0d6a11e66279af3906a33107b7f57c385f57b318650c9d8340eae823
cad36b63f4c99dc686a6a579a8c6efd41a36a1912a683a4ef1c8477ac5bf70ee
cd4676442306bb29ac4e0fdd1da7f3ccda77b040b71c7937634fa9698f9867be
d73e0ca89dec39179683825c77431cb68708e56035af72352e5cab15dbfeff34
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e2eed982b93e21cd92db8497b50aadd29712f799b8fc3ae9aa6ac3eccbaf0a5e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f065754693a5b030be98ebd3aea7ea38a08488003946f9fb99d7259ea50e9e24
f53e98aa544224c6d20e9bc9ad88861f545593125f1fb8033b476a03d82887d1
fc3490c0d21c14c0429104f2288eff3de5f5d68d3824ce436777eab15d0bfc13
feb512afb6ccd2bb2453105c967d6e44f607852245b9eba31cb5bb434302fe98

bancaweb.pichincha.com Open in urlscan Pro 2.17.100.147 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

94 %HTTPS

76 %IPv6

15 Domains

18 Subdomains

18 IPs

3 Countries

1885 kBTransfer

5455 kBSize

18 Cookies

1 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

bancaweb.pichincha.com Open in urlscan Pro
2.17.100.147 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

94 %
HTTPS

76 %
IPv6

15
Domains

18
Subdomains

18
IPs

3
Countries

1885 kB
Transfer

5455 kB
Size

18
Cookies

50 HTTP transactions
0 data transactions